Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 86% confidence
- Finding
- The skill documents use of environment variables for an InstantDB admin token but does not declare corresponding permissions or access expectations. This creates a transparency and governance gap: an agent may be given powerful database credentials without clear review boundaries, increasing the chance of unauthorized reads, writes, or destructive actions.
